Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: merge key for key groups and *make keys unique* #1493

Merged
merged 1 commit into from
Jun 27, 2024
Merged

Feature: merge key for key groups and *make keys unique* #1493

merged 1 commit into from
Jun 27, 2024

Conversation

jonasbadstuebner
Copy link
Contributor

This closes #1123

The test is not very great (as in: "It doesn't check very much"), but since it was not too hard to implement, I think this is okay.

If you have any comments, please let me know.

@jonasbadstuebner jonasbadstuebner force-pushed the feature-merge-key-groups branch from 9fbc9ea to 372d21b Compare April 23, 2024 15:23
@jonasbadstuebner
Copy link
Contributor Author

jonasbadstuebner commented Apr 23, 2024
edited
Loading

Just so I have said it: This does not ensure that a key is included only once. Maybe this is a desirable feature when people start merging key_groups now?

But that is not any different from the overall key_groups behavior. And as far as I can tell, sops can handle it if there are multiple recipients matching. (I think it just takes the first matching one, I haven't checked this any futher)

@jonasbadstuebner
Copy link
Contributor Author

Should also mention:
Fixes #878

@jonasbadstuebner
Copy link
Contributor Author

Would be nice to get an ETA of when this will be looked at and maybe an ETA for a new patch release that includes this feature?

@jonasbadstuebner
Copy link
Contributor Author

@felixfontein Sorry to bother you again, but what is the current state of sops, it seems to be very slow moving and the last patch release has been a long time ago.

Why does a small MR like this take so much time to review and merge and when is the next patch release planned? 3.9.0 is on the road map for a very long time already, do you need help or is it something else?

@felixfontein
Copy link
Contributor

It seems that most maintainers currently have no time to review PRs. Since I don't want to merge PRs that I don't fully understand without a second review, this means that rarely any PRs get merged currently.

I was hoping for a soonish 3.9.0 release for some time already, I have no idea when it will happen.

@jonasbadstuebner
Copy link
Contributor Author

If you need maintainers, I would be happy to support sops. Who would be in charge of deciding this and what would I have to do?

@felixfontein
Copy link
Contributor

I'm not sure how the process works, but joining the #sops-dev channel on the CNCF Slack (https://github.com/getsops/sops/blob/main/CONTRIBUTING.md#communication, the second link allows you to get an invite for the CNCF Slack, and the former then allows you to join that channel) is probably a good idea.

felixfontein
felixfontein reviewed Jun 3, 2024
View reviewed changes
Copy link
Contributor

@felixfontein felixfontein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some thoughts about recursion ;)

Just so I have said it: This does not ensure that a key is included only once. Maybe this is a desirable feature when people start merging key_groups now?

I tend to say yes. We definitely have to make sure to avoid breaking backwards compatibility, though. Maybe it should only be used for everything inside merge, but not for the ones added on top-level? I.e. remove duplicates in line 193, after processing group.Merge and before processing group.Age.

config/config.go Show resolved Hide resolved
config/config_test.go Outdated Show resolved Hide resolved
@jonasbadstuebner
Copy link
Contributor Author

jonasbadstuebner commented Jun 3, 2024
edited
Loading

Some thoughts about recursion ;)

Just so I have said it: This does not ensure that a key is included only once. Maybe this is a desirable feature when people start merging key_groups now?

I tend to say yes. We definitely have to make sure to avoid breaking backwards compatibility, though. Maybe it should only be used for everything inside merge, but not for the ones added on top-level? I.e. remove duplicates in line 193, after processing group.Merge and before processing group.Age.

This implementation would allow

key_groups:
- key1
  merge:
  - key1

Which would result in duplicated key1. Is this the desired behavior?

@jonasbadstuebner jonasbadstuebner force-pushed the feature-merge-key-groups branch from 45fc358 to 8b39237 Compare June 3, 2024 22:14
@jonasbadstuebner
Copy link
Contributor Author

I implemented the uniqueness as requested. The top-level is not touched.

felixfontein
felixfontein reviewed Jun 4, 2024
View reviewed changes
config/config.go Outdated Show resolved Hide resolved
config/config_test.go Show resolved Hide resolved
@felixfontein
Copy link
Contributor

This implementation would allow

key_groups:
- key1
  merge:
  - key1

Which would result in duplicated key1. Is this the desired behavior?

I wouldn't say "desired", but I think it's a good compromise between backwards compatibility (you were able to duplicate keys before) and not deduplicating at all.

Another possibility would be to deduplicate everything once group.Merge contains something. In that case no deduplication is done for backwards compatibility if the merge feature isn't used, but once it is used the result is always deduplicated.

@jonasbadstuebner jonasbadstuebner force-pushed the feature-merge-key-groups branch from 8b39237 to ec03063 Compare June 4, 2024 06:07
@jonasbadstuebner
Copy link
Contributor Author

To me, changing the behavior of the top-level based on a key being present would be unintuitive.
Does removing duplicates on the top-level really break backwards compatibility though? If you have 2 keys in this list that are basically the same, it should not break your en- or decryption to only have the key included once. But I did not test this very deeply.

@felixfontein
Copy link
Contributor

Having thought some more about this, I tend to agree that removing duplication in generally should be OK.

It's mainly breaking in the sense that if you re-encrypt a file that has duplicated keys (like when editing the encrypted content), suddenly some keys are removed, which can be quite confusing for users. But as long as we explicitly announce deduplication in the changelog, I think it should be OK.

(I would also mention it in the PR's title, so it shows up prominently in the git commit log.)

@jonasbadstuebner jonasbadstuebner force-pushed the feature-merge-key-groups branch from ec03063 to 78b2ab1 Compare June 10, 2024 12:26
@jonasbadstuebner jonasbadstuebner changed the title Feature: merge key for key groups Feature: merge key for key groups and *make keys unique* Jun 10, 2024
felixfontein
felixfontein approved these changes Jun 10, 2024
View reviewed changes
Copy link
Contributor

@felixfontein felixfontein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Let's wait a bit more whether someone comments on #1493 (comment).

@devstein devstein requested a review from a team June 11, 2024 00:10
This was referenced Jun 26, 2024
Merged
Closed
@felixfontein felixfontein added this to the v3.9.0 milestone Jun 26, 2024
sabre1041
sabre1041 approved these changes Jun 27, 2024
View reviewed changes
Copy link

@sabre1041 sabre1041 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jonasbadstuebner @felixfontein
feat(config): merge key_groups
a1738b7 
closes getsops#1123

Signed-off-by: Jonas Badstübner <[email protected]>
@felixfontein felixfontein force-pushed the feature-merge-key-groups branch from 78b2ab1 to a1738b7 Compare June 27, 2024 07:25
@felixfontein felixfontein merged commit 72b7d5b into getsops:main Jun 27, 2024
9 checks passed
@felixfontein
Copy link
Contributor

@jonasbadstuebner thanks for your contribution!
@sabre1041 thanks for reviewing this!

@felixfontein felixfontein mentioned this pull request Jun 27, 2024
Closed
@jonasbadstuebner jonasbadstuebner mentioned this pull request Jul 3, 2024
Open
@snovikov snovikov mentioned this pull request Dec 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixfontein felixfontein felixfontein approved these changes

@sabre1041 sabre1041 sabre1041 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.9.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jonasbadstuebner @felixfontein @sabre1041